Internet Protocol Security (IPSEC) is a set of protocols for securing communications between different machines (e.g., hosts and routers) on a network. IPSEC policies establish a security protocol for communications between the different machines of the network by specifying a shared key and an encryption method to encrypt/decrypt data traveling between the machines. Contemporary machines apply IPSEC policies at the Layer 3 (L3) address level.
However, such policies are prone to unintended results in networks that use Dynamic Host Configuration Protocol (DHCP) to dynamically assign addresses to a machine. In some cases, dynamic addresses are assigned to the machines independently of the maintenance of the active IPSEC policies of each machine, creating situations where the IPSEC policies need to be updated to reference the newly assigned addresses of the machine. In such situations, communications between the machines may be disrupted when data addressed to the newly assigned address no longer matches the correct IPSEC policy, which still references a previously assigned address. Changes in the dynamic address require administrative action to correct the obsolete policy definitions. To avoid such administrative costs, administrators often use alternative approaches, such as avoiding DHCP altogether and instead assigning static Internet Protocol (IP) addresses to the interfaces of a machine.
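The mismatch described above, as an added example that is not part of the original text: a minimal model of address-keyed policy lookup, plus a check that flags policies whose L3 selector no longer covers the address DHCP currently assigns to the intended peer. The `Policy` fields, host names, addresses and lease tables are constructed for illustration and do not correspond to any particular IPSEC implementation.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str       # hypothetical policy label
    peer_host: str  # machine the policy is meant to protect traffic to
    remote: str     # L3 selector the policy is keyed on (address or CIDR)


def match_policy(policies, dst):
    """Return the first policy whose L3 selector covers dst, else None."""
    addr = ipaddress.ip_address(dst)
    for p in policies:
        if addr in ipaddress.ip_network(p.remote, strict=False):
            return p
    return None


def stale_policies(policies, leases):
    """List (name, selector, current_address) for policies whose selector
    no longer covers the peer's current DHCP-assigned address."""
    stale = []
    for p in policies:
        current = leases.get(p.peer_host)
        net = ipaddress.ip_network(p.remote, strict=False)
        if current is None or ipaddress.ip_address(current) not in net:
            stale.append((p.name, p.remote, current))
    return stale


# Constructed sample data: two policies keyed on the addresses the peers
# held when the policies were written.
POLICIES = [
    Policy("to-db01", "db01", "10.0.5.20/32"),
    Policy("to-app01", "app01", "10.0.5.31/32"),
]
LEASES_BEFORE = {"db01": "10.0.5.20", "app01": "10.0.5.31"}
# db01 receives a new address from DHCP; the policy is not updated.
LEASES_AFTER = {"db01": "10.0.5.47", "app01": "10.0.5.31"}

if __name__ == "__main__":
    print("before:", match_policy(POLICIES, LEASES_BEFORE["db01"]))
    print("after: ", match_policy(POLICIES, LEASES_AFTER["db01"]))
    for name, selector, current in stale_policies(POLICIES, LEASES_AFTER):
        print(f"stale: {name} selects {selector}, peer now at {current}")
```

Running a check of this kind whenever a lease changes surfaces the obsolete policy before traffic to the new address fails to match.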